Fraud Prevention
Realtime fraud prevention API to detect suspicious activity
Payment Page
Add the javascript to the head section of your payment page
<script src="https://fd.sla-alacrity.com/d513e9e03227.js"></script>
You then need to retrieve a token that is associated with this visitor and checkout. You do this by calling Detector(ids, partner, service) once the page has loaded.
| Parameter | Description | Example |
|---|---|---|
| ids | The HTML id's of your payment form, confirmation button, and cancel button | form: 'purchase_form' confirm_button: 'form_submit_btn' cancel_button: 'form_cancel_btn' |
| partner | Your Alacrity partner URI | partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb |
| service | Your Alacrity service URI | campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779 |
Our javascript will insert an HTML element with the id fraudDetectorIsLoaded so that you can check that everything has loaded before submitting your form. Once loaded our javascript will also add a hidden input to your form with the name token and the value equal to the returned token.
Below is a full example using vanilla javascript of initialising the Detector, adding a listener to your form, checking that fraudDetectorIsLoaded, and then submitting your form (with the hidden token field).
window.onload = function () {
var ids = {
form: 'purchase_form',
confirm_button: 'form_submit_btn',
cancel_button: 'form_cancel_btn'
};
var partner = 'partner:h7j9w4n8-97a4-4eb7-9ec1-4333131805cb';
var service = 'campaign:2a73f22ed63c1f8e40925632b7n10w6fed611779';
const detector = new Detector(ids, partner, service);
detector.setup();
var form = document.getElementById(ids['form']);
form.addEventListener("submit", function(e) {
e.preventDefault();
function fraudDetectorLoaded() {
var loaded = document.getElementById('fraudDetectorIsLoaded');
if (loaded && loaded.value === 'yes') {
form.submit();
} else if ('requestIdleCallback' in window) {
requestIdleCallback(fraudDetectorLoaded);
} else {
setTimeout(fraudDetectorLoaded, 100);
}
}
fraudDetectorLoaded();
});
}
Check Transaction API
Once the user has submitted your payment form you need to check the token with our Check Transaction API. This API will check the token and return whether the user/purchase is valid or not.
HTTP Request
POST /v1/check_transaction?token={token}
Sample Request
POST /v1/check_transaction?
token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a
Host: fd.sla-alacrity.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json
curl -X POST \
https://fd.sla-alacrity.com/v1/check_transaction?token=2e056a61-18d0-41c7-93d1-94f07bf9cf0a \
--header 'Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
| Parameter | Description | Example |
|---|---|---|
| token | This is the token that is added as a hidden input field on your payment form and is submitted along with your form with the parameter name token | 2e056a61-18d0-41c7-93d1-94f07bf9cf0a |
Response
The response is returned as JSON and also uses HTTP status codes. When the status code is 200 the response will contain the key is_vaild which is a boolean and indicates whether or not the transaction is valid and the purchase should be allowed.
{
"is_vaild": true
}
200
If a transaction is blocked for being suspicious is_valid will be false and there will be a reason returned.
{
"is_valid": false,
"reason": "BOT_ACTIVITY"
}
200
It's also possible to receive other errors via the HTTP status codes such as 400, 401, and 404. In this case there will be a JSON response returned in the body with the key message.
{
"message": "auth error: invalid credentials"
}
401
Unless you receive a HTTP status of 200 and is_valid is true the purchase should not be allowed to continue.
Create API
The valid fraud token should be included in the create API call
Updated about 2 months ago